HIPAA Compliance in HSLynk - servinglynk/hslynk-open-source-docs GitHub Wiki

Architecture of our HIPAA-driven security-related components:

  • Separate VPCs for production and development, with separate subnets
  • Bastion host
  • Encryption at rest of S3, Big Data, and relational data stores
  • Encryption of data in motion - SSH, TLS, tokenized APIs, Trusted Apps
  • Identity and access control by role
  • We have a BAA with Amazon Web Services

Other steps: